mirror of
https://github.com/curl/curl.git
synced 2026-04-13 12:41:42 +08:00
fdacf34aae
Turns out the cause of CodeQL hangs (or probably just extreme long compile) is the header `curl/typecheck-gcc.h`. By accident I noticed that the preprocessed output of libtests.c is 75 MB (megabytes). This is much higher than the amounf of source code hinted, also compared to e.g. units.c or other build targets. The reason for the extreme size is each easy option call pulling in the large checker logic defined in this header. By compiling with `-DCURL_DISABLE_TYPECHECK`, preprocessed output drops to 2.2 MB (34x), and the libtests target builds without issues. Also build all tests and examples with the Linux HTTP/3 config, covering 3 more files. With these, CodeQL C coverage is 893 out of 930 (96%) (was: 645 69%) Follow-up to71fc11e6bb#18695 Follow-up toa333fd4411#18557 Follow-up tob4922b1295#18564 Closes https://github.com/vszakats/curl/pull/11 Closes #19632
137 lines
4.9 KiB
YAML
137 lines
4.9 KiB
YAML
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
#
|
|
# SPDX-License-Identifier: curl
|
|
|
|
name: 'CodeQL'
|
|
|
|
'on':
|
|
push:
|
|
branches:
|
|
- master
|
|
- '*/ci'
|
|
paths-ignore:
|
|
- '**/*.md'
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'packages/**'
|
|
- 'plan9/**'
|
|
- 'projects/**'
|
|
- 'tests/data/**'
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
paths-ignore:
|
|
- '**/*.md'
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'packages/**'
|
|
- 'plan9/**'
|
|
- 'projects/**'
|
|
- 'tests/data/**'
|
|
schedule:
|
|
- cron: '0 0 * * 4'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
gha_python:
|
|
if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }}
|
|
name: 'GHA and Python'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
security-events: write # To create/update security events
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: 'initialize'
|
|
uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|
|
with:
|
|
languages: actions, python
|
|
queries: security-extended
|
|
|
|
- name: 'perform analysis'
|
|
uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|
|
|
|
c:
|
|
if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }}
|
|
name: 'C'
|
|
runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }}
|
|
permissions:
|
|
security-events: write # To create/update security events
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform: [Linux, Windows]
|
|
env:
|
|
MATRIX_PLATFORM: '${{ matrix.platform }}'
|
|
steps:
|
|
- name: 'install prereqs'
|
|
if: ${{ matrix.platform == 'Linux' }}
|
|
timeout-minutes: 5
|
|
run: |
|
|
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
|
|
sudo apt-get -o Dpkg::Use-Pty=0 update
|
|
sudo rm -f /var/lib/man-db/auto-update
|
|
sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \
|
|
libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev libwolfssl-dev
|
|
HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi
|
|
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: 'initialize'
|
|
uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|
|
with:
|
|
languages: cpp
|
|
build-mode: manual
|
|
trap-caching: false
|
|
|
|
- name: 'build'
|
|
timeout-minutes: 10
|
|
shell: bash
|
|
run: |
|
|
if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
|
|
cmake -B . -DBUILD_SHARED_LIBS=OFF \
|
|
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \
|
|
-DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON
|
|
cmake --build . --verbose
|
|
src/Debug/curl.exe --disable --version
|
|
else
|
|
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
|
|
|
|
# MultiSSL
|
|
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
|
|
cmake -B _bld1 -G Ninja -DENABLE_DEBUG=ON \
|
|
-DCMAKE_C_FLAGS=-DCURL_DISABLE_TYPECHECK \
|
|
-DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \
|
|
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \
|
|
-DCURL_DISABLE_VERBOSE_STRINGS=ON
|
|
cmake --build _bld1
|
|
cmake --build _bld1 --target testdeps
|
|
cmake --build _bld1 --target curl-examples-build
|
|
|
|
# HTTP/3
|
|
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
|
|
cmake -B _bld2 -G Ninja \
|
|
-DCMAKE_C_FLAGS=-DCURL_DISABLE_TYPECHECK \
|
|
-DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \
|
|
-DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \
|
|
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
|
|
cmake --build _bld2
|
|
cmake --build _bld2 --target testdeps
|
|
cmake --build _bld2 --target curl-examples-build
|
|
|
|
_bld1/src/curl --disable --version
|
|
_bld2/src/curl --disable --version
|
|
fi
|
|
|
|
- name: 'perform analysis'
|
|
uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
|